Happy Data Privacy Day! Today is all about awareness, an international effort to encourage Internet users to consider the privacy implications of their online actions and motivate all companies to make privacy and data protection a greater priority.
With that in mind, CBR is kicking of the celebrations by looking at 8 ways to ensure your data remains private and secure.
1. CEOs – privacy is more than a ‘security’ issue
In an open letter written today, Silent Circle and Blackphone co-founder Phil Zimmerman urges global CEOs to focus on privacy, noting its differences from ‘security’. Zimmerman wrote:
"…when I see what happened to Sony recently — the data stored on their servers leaked to the world — my mind goes to that difference between privacy and security.
"I’m sure Sony had firewalls and VPNs, intrusion detection and antivirus, policies and procedures — all the usual artifacts of corporate information security. Those things securely delivered a mountain of information to Sony’s servers, where it was lost all at once."
"When it was lost, the privacy of Sony’s partners and employees went with it. That’s what corporate privacy is — the privacy of the people in and around the corporation. If we focus on their privacy rather than the corporation’s security maybe we can make better choices."
"Many kinds of information don’t need to be stored for long, or at all. If only participants keep a copy of their correspondence the company can’t lose it. Imagine how much worse the damage of a security breach would be if companies routinely kept years of recordings of all employees’ phone calls."
2. Education is key
Richard Anstey, CTO EMEA at Intralinks, highlighted the importance of education when protecting data. He said:
"Many people bring bad security habits from home into business. So educating consumers isn’t just about protecting them, but protecting our economy.
"Telling people to use strong passwords may even be counter-intuitive as it creates a false sense of security which people bring to work."
"When dealing with very sensitive information, such as IP, people need to know about very secure measures, such as information rights management. Security is about knowing what the danger is and how to deploy the appropriate level of protection."
"If we want a truly data-secure society we need to start by ensuring people know what value their data has, then they can make informed decision about how to secure it"
3. Be password smart
Jason Hart, VP Cloud Services, Identity and Data Protection at Gemalto, stated that the humble password is a key area to approach with caution.
"You should refrain from using the same password across multiple accounts. By doing this you prevent cross pollination – where cyber criminals use the same password details to facilitate data breaches across multiple organisations."
"Of course with so many online accounts and different passwords to remember, it’s challenging to remember a different one for each, so even better would be to replace these with One-Time Password (OTP) authentication."
"In my opinion, there’s no such thing as a strong password – static passwords all carry the risk of being hacked. OTP technology is the strongest protection for users. It can generate highly secure one-time passwords to authenticate users, often they will just have to remember a PIN number in order to retrieve a new password."
4. Personal privacy hidden in plain sight – apps
Symantec’s recent survey on mobile app behaviours highlighted how – 63% of consumers are willing to trade some of their privacy away for a free app. The company warned, however, that "free" rarely comes without a cost. The company advised:
"Personal and sensitive data is the currency for information and content in today’s digital world. Most app users are unaware of the privacy tradeoffs that come with access to popular apps."
"Consumers should educate themselves about mobile apps before download by reading reviews and determining permissions. Additionally, consumers should keep in mind that managing app permissions is different with iOS, which allows greater control, than Android."